I2P Network
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. Many applications are available that interface with I2P, including mail, peer-peer, IRC chat, and others. Anonymous Torrenting via i2psnark is also possible.
Usage
Install i2pd (deamon written in C++) and enable the service. Router Interface is at 127.0.0.1:7070 with HTTP Proxy at 127.0.0.1:4444
Configuration
There are two separate config files: i2pd.conf and tunnels.conf. i2pd.conf is the main configuration file, where you configure all options. tunnels.conf is the tunnel configuration file, where you configure I2P hidden services and client tunnels.
Example i2pd.conf:
logfile = /var/log/i2pd/i2pd.log ipv4 = true ipv6 = false ssu = true bandwidth = X
[ssu2] enabled = true published = true
[http] enabled = true address = 0.0.0.0 port = 7070 auth = true user = i2pd pass = pass strictheaders = false lang = english
[httpproxy] address = 0.0.0.0 port = 4444 # StormyCloud #outproxy = http://5d4s7pcvfdpftfk7npc7hllyujhufsdprtrf4o53i44rgsa2xbwa.b32.i2p
# Purokishi outproxy = http://purokishi.i2p
[socksproxy] address = 0.0.0.0 port = 4447
[sam] enabled = true address = 127.0.0.1 port = 7656
[i2cp] enabled = true address = 0.0.0.0 port = 7654
[reseed] verify = true
[addressbook] subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt General options
Option Description conf Config file (default: ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf). This parameter will be silently ignored if the specified config file does not exist. tunconf Tunnels config file (default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf) pidfile Where to write pidfile (default: i2pd.pid, not used in Windows) log Logs destination: stdout, file, syslog (stdout if not set or invalid) (if daemon, stdout/unspecified are replaced by file in some cases) logfile Path to logfile (default - autodetect) loglevel Log messages above this level (debug, info, warn, error, none; default - warn) logclftime Write full CLF-formatted date and time to log (default: false (write only time)) datadir Path to storage of i2pd data (RouterInfos, destinations keys, peer profiles, etc …) host Router external IP for incoming connections (default: auto if SSU2 is enabled) port Port to listen for incoming connections (default: auto (random)) daemon Router will go to background after start (default: true) service Router will use system folders like ‘/var/lib/i2pd’ (on unix) or ‘C:\ProgramData\i2pd’ (on Windows). Ignored on MacOS and Android (default: false) ifname Network interface to bind to ifname4 Network interface to bind to for IPv4 ifname6 Network interface to bind to for IPv6 address4 Local address to bind to for IPv4 address6 Local address to bind to for clearnet IPv6 nat If true, assume we are behind NAT (default: true) ipv4 Enable communication through IPv4 (default: true) ipv6 Enable communication through clearnet IPv6 (default: false) notransit Router will not accept transit tunnels, disabling transit traffic completely. G router cap will be published (default: false) floodfill Router will be floodfill (default: false) bandwidth Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (unlimited). share Max % of bandwidth limit for transit. 0-100 (default: 100) family Name of a family, router belongs to netid Network ID, router belongs to. Main I2P is 2.
NTCP2
Option Description ntcp2.enabled Enable NTCP2 (default: true) ntcp2.published Enable incoming NTCP2 connections (default: true) ntcp2.port Port to listen for incoming NTCP2 connections (default: auto - port from general section) ntcp2.addressv6 External IPv6 for incoming connections ntcp2.proxy Specify proxy server for NTCP2. Should be http://address:port or socks://address:port
SSU2
Option Description ssu2.enabled Enable SSU2 (default: true) ssu2.published Enable incoming SSU2 connections. (default: true) ssu2.port Port to listen for incoming SSU2 connections (default: auto - ‘port’ from general section) ssu2.proxy Specify UDP socks5 proxy server for NTCP2. Should be socks://address:port ssu2.mtu4 MTU for local ipv4. (default: auto) ssu2.mtu6 MTU for local ipv6. (default: auto)
HTTP webconsole
Option Description http.enabled If webconsole is enabled. (default: true) http.address The address to listen on (HTTP server) http.port The port to listen on (HTTP server) (default: 7070) http.auth Enable basic HTTP auth for webconsole (default: false) http.user Username for basic auth (default: i2pd) http.pass Password for basic auth (default: random, see logs) http.strictheaders Enable strict host checking on WebUI. (default: true) http.hostname Expected hostname for WebUI (default: localhost)
HTTP Proxy
Option Description httpproxy.enabled If HTTP proxy is enabled. (default: true) httpproxy.address The address to listen on (HTTP Proxy) httpproxy.port The port to listen on (HTTP Proxy) (default: 4444) httpproxy.addresshelper Enable address helper (jump). (default: true) httpproxy.keys Optional keys file for HTTP proxy local destination httpproxy.signaturetype Signature type for new keys if keys file is set. (default: 7) httpproxy.inbound.length Inbound tunnels length if keys is set. (default: 3) httpproxy.inbound.quantity Inbound tunnels quantity if keys is set. (default: 5) httpproxy.inbound.lengthVariance Inbound tunnels length variance if keys is set. (default: 0) httpproxy.outbound.length Outbound tunnels length if keys is set. (default: 3) httpproxy.outbound.quantity Outbound tunnels quantity if keys is set. (default: 5) httpproxy.outbound.lengthVariance Outbound tunnels length variance if keys is set. (default: 0) httpproxy.outproxy HTTP proxy upstream out proxy url (like http://false.i2p )httpproxy.i2cp.leaseSetType Type of LeaseSet to be sent. 1, 3 or 5. (default: 3) httpproxy.i2cp.leaseSetEncType Comma separated encryption types to be used in LeaseSet type 3 or 5
Socks proxy
Option Description socksproxy.enabled If SOCKS proxy is enabled. (default: true) socksproxy.address The address to listen on (SOCKS Proxy) socksproxy.port The port to listen on (SOCKS Proxy). (default: 4447) socksproxy.keys Optional keys file for SOCKS proxy local destination socksproxy.signaturetype Signature type for new keys if keys file is set. (default: 7) socksproxy.inbound.length Inbound tunnels length if keys is set. (default: 3) socksproxy.inbound.quantity Inbound tunnels quantity if keys is set. (default: 5) socksproxy.inbound.lengthVariance Inbound tunnels length variance if keys is set. (default: 0) socksproxy.outbound.length Outbound tunnels length if keys is set. (default: 3) socksproxy.outbound.quantity Outbound tunnels quantity if keys is set. (default: 5) socksproxy.outbound.lengthVariance Outbound tunnels length variance if keys is set. (default: 0) socksproxy.outproxy.enabled Enable or disable SOCKS outproxy. (default: false) socksproxy.outproxy Address of outproxy. Requests outside I2P will go there. socksproxy.outproxyport Outproxy remote port socksproxy.i2cp.leaseSetType Type of LeaseSet to be sent. 1, 3 or 5. (default: 3) socksproxy.i2cp.leaseSetEncType Comma separated encryption types to be used in LeaseSet type 3 or 5
SAM interface
Option Description sam.enabled If SAM is enabled. (default: true) sam.address The address to listen on (SAM bridge) sam.port Port of SAM bridge. Usually 7656. SAM is off if not specified sam.singlethread If false every SAM session runs in own thread. (default: true)
BOB interface
Option Description bob.enabled If BOB is enabled. (default: false) bob.address The address to listen on (BOB command channel) bob.port Port of BOB command channel. Usually 2827. BOB is off if not specified
I2CP interface
Option Description i2cp.enabled If I2CP is enabled. (default: true) i2cp.address The address to listen on or an abstract address for Android LocalSocket i2cp.port Port of I2CP server. Usually 7654. Ignored for Andorid i2cp.singlethread If false every I2CP session runs in own thread. (default: true)
I2PControl interface
Option Description i2pcontrol.enabled If I2P control is enabled. (default: false) i2pcontrol.address The address to listen on (I2P control service) i2pcontrol.port Port of I2P control service. Usually 7650. I2PControl is off if not specified i2pcontrol.password I2P control authentication password. (default: itoopie) i2pcontrol.cert I2P control HTTPS certificate file name. (default: i2pcontrol.crt.pem) i2pcontrol.key I2P control HTTPS certificate key file name. (default: i2pcontrol.key.pem)
Reseeding
Option Description reseed.verify Verify .su3 signature. (default: false) reseed.urls Reseed URLs, separated by comma reseed.yggurls Reseed Yggdrasil’s URLs, separated by comma reseed.file Path to local .su3 file or HTTPS URL to reseed from reseed.zipfile Path to local .zip file to reseed from reseed.threshold Minimum number of known routers before requesting reseed. (default: 25) reseed.proxy Url for https/socks reseed proxy
Addressbook options
Option Description addressbook.defaulturl AddressBook subscription URL. Only used to initialize the AddressBook. addressbook.subscriptions AddressBook subscriptions URLs, separated by comma. Note that defaulturl is not added to subscriptions URLs addressbook.hostsfile File to dump AddressesBook in hosts.txt format
Trust options
Option Description trust.enabled Enable explicit trust options. (default: false) trust.family Make direct I2P connections only to routers in specified Family. trust.routers Make direct I2P connections only to routers specified here. Comma separated list of base64 identities. trust.hidden Should we hide our router from other routers? (default: false)
Exploratory tunnels
Option Description exploratory.inbound.length Exploratory inbound tunnels length. (default: 2) exploratory.inbound.quantity Exploratory inbound tunnels quantity. (default: 3) exploratory.outbound.length Exploratory outbound tunnels length. (default: 2) exploratory.outbound.quantity Exploratory outbound tunnels quantity. (default: 3)
Tunnel Configuration
Available tunnel types:
Type Description client Client tunnel to remote I2P destination (TCP ) server Generic server tunnel to setup any TCP service in I2P network http HTTP server tunnel to setup a website in I2P
Client Tunnel
[irc-out] type = client address = 127.0.0.1 port = 6668 destination = irc.ilita.i2p keys = irc.dat Optional parameters
Option Description address Local interface tunnel binds to, ‘127.0.0.1’ for connections from local host only, ‘0.0.0.0’ for connections from everywhere. (default: 127.0.0.1) port Port of client tunnel. signaturetype Signature type for new keys. RSA signatures (4,5,6) are not allowed and will be changed to 7. (default: 7) cryptotype Crypto type for new keys. Experimental. Should be always 0 destinationport Connect to particular port at destination. 0 by default (targeting first tunnel on server side for destination) keepaliveinterval Send ping to the destination after this interval in seconds. (default: 0 - no pings) keys Keys for destination. When same for several tunnels, will be using same destination for every tunnel.
Server Tunnel
[smtp-in] type = server host = 127.0.0.1 port = 25 keys = smtp-in.dat Optional parameters
Option Description host IP address of server (on this address i2pd will send data from I2P) port Port of server tunnel. inport (non-TCP non-UDP ) I2P local destination port to listen to; an unsigned 16-bit integer. What port at local destination server tunnel listens to (default: same as port ) accesslist List of comma-separated of b32 address (without .b32.i2p) allowed to connect. Everybody is allowed by default gzip Turns internal compression off if set to false. (default: false) signaturetype Signature type for new keys. (default: 7) cryptotype Crypto type for new keys. Experimental. Should be always 0 enableuniquelocal If true, connection to local address will look like 127.x.x.x where x.x.x is first 3 bytes of incoming connection peer’s ident hash. (default: true) address IP address of an interface tunnel is connected to host from. Usually not used keys Keys for destination. When same for several tunnels, will be using same destination for every tunnel.
HTTP Tunnel
[http-in] type = http host = 127.0.0.1 port = 80 keys = our-website.dat There are several tools available here .
keygen
Generate an I2P private key.
Usage
Make a EDDSA-SHA512-ED25519 destination key
./keygen privkey.dat Make an destination key with a certain key type
./keygen privkey.dat < numbe r > ./keygen privkey.dat < key nam e > key name number DSA-SHA1 0 ECDSA-SHA256-P256 1 ECDSA-SHA384-P384 2 ECDSA-SHA512-P521 3 RSA-SHA256-2048 4 RSA-SHA384-3072 5 RSA-SHA512-4096 6 EDDSA-SHA512-ED25519 7 GOSTR3410_CRYPTO_PRO_A-GOSTR3411-256 9 GOSTR3410_TC26_A_512-GOSTR3411-512 10 RED25519-SHA512 11
vain
Vanity generation address.
Time to Generate on a 2.70GHz Processor:
characters time to generate (approx.) 1 ~0.082s 2 ~0.075s 3 ~0.100s 4 ~0.394s 5 ~6.343s 6 ~1m-5m 7 ~30m
Usage
./vain pattern [options] Options
Option Description -r, --regregex instead of text pattern -t, --threadsUse this many threads (default all) -o, --output output_fileOutput file -m, --multiplymodemultiple addresses search
keyinfo
Prints information about an I2P private key
Usage
Print just the b32 address for this key
./keyinfo privatekey.dat … just the base64 address
./keyinfo -d privatekey.dat Print all info about the public key
./keyinfo -v privatekey.dat